ML-KEM key exchanges using Bouncy Castle 1.79 #629
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It was dropped by mistake when the plain alias was introduced in commit ff9fc91.
Avoid code duplication.
Refactor the KEM-based KEX paths a little bit; provide the ML-KEMs, and add the DH factories combining the ML-KEMs with the base curves and hashes. KexTest tests that the new key exchanges do work between an Apache MINA sshd client and server. Add an integration test that verifies that the new ML-KEM kex works against an OpenSSH 9.9 server (it only has mlkem768x25519, not the other two variants using ECDH nistp256/384, so we can't test those).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implement ML-KEM key exchanges; see https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-04 .
All three algorithms proposed in that draft RFC are implemented.
Includes an interoperability test for mlkem768x25519-sha256 against OpenSSH 9.9.
Fixes #606.